[net,V3,01/15] net/mlx5e: Honor user choice of IPsec replay window size

Commit Message

Saeed Mahameed Dec. 5, 2023, 9:45 p.m. UTC

From: Leon Romanovsky <leonro@nvidia.com>

Users can configure IPsec replay window size, but mlx5 driver didn't
honor their choice and set always 32bits. Fix assignment logic to
configure right size from the beginning.

Fixes: 7db21ef4566e ("net/mlx5e: Set IPsec replay sequence numbers")
Reviewed-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 .../mellanox/mlx5/core/en_accel/ipsec.c       | 21 +++++++++++++++++++
 .../mlx5/core/en_accel/ipsec_offload.c        |  2 +-
 include/linux/mlx5/mlx5_ifc.h                 |  7 +++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Dec. 8, 2023, 10:40 a.m. UTC | #1

Hello:

This series was applied to netdev/net.git (main)
by Saeed Mahameed <saeedm@nvidia.com>:

On Tue,  5 Dec 2023 13:45:20 -0800 you wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> Users can configure IPsec replay window size, but mlx5 driver didn't
> honor their choice and set always 32bits. Fix assignment logic to
> configure right size from the beginning.
> 
> Fixes: 7db21ef4566e ("net/mlx5e: Set IPsec replay sequence numbers")
> Reviewed-by: Patrisious Haddad <phaddad@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
> 
> [...]

Here is the summary with links:
  - [net,V3,01/15] net/mlx5e: Honor user choice of IPsec replay window size
    https://git.kernel.org/netdev/net/c/a5e400a985df
  - [net,V3,02/15] net/mlx5e: Ensure that IPsec sequence packet number starts from 1
    https://git.kernel.org/netdev/net/c/3d42c8cc67a8
  - [net,V3,03/15] net/mlx5e: Unify esw and normal IPsec status table creation/destruction
    https://git.kernel.org/netdev/net/c/94af50c0a9bb
  - [net,V3,04/15] net/mlx5e: Remove exposure of IPsec RX flow steering struct
    https://git.kernel.org/netdev/net/c/5ad00dee43b9
  - [net,V3,05/15] net/mlx5e: Add IPsec and ASO syndromes check in HW
    https://git.kernel.org/netdev/net/c/dddb49b63d86
  - [net,V3,06/15] net/mlx5e: Tidy up IPsec NAT-T SA discovery
    https://git.kernel.org/netdev/net/c/c2bf84f1d1a1
  - [net,V3,07/15] net/mlx5e: Reduce eswitch mode_lock protection context
    https://git.kernel.org/netdev/net/c/baac8351f74c
  - [net,V3,08/15] net/mlx5e: Disable IPsec offload support if not FW steering
    https://git.kernel.org/netdev/net/c/762a55a54eec
  - [net,V3,09/15] net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work
    https://git.kernel.org/netdev/net/c/eab0da38912e
  - [net,V3,10/15] net/mlx5e: TC, Don't offload post action rule if not supported
    https://git.kernel.org/netdev/net/c/ccbe33003b10
  - [net,V3,11/15] net/mlx5: Nack sync reset request when HotPlug is enabled
    https://git.kernel.org/netdev/net/c/3d7a3f2612d7
  - [net,V3,12/15] net/mlx5e: Check netdev pointer before checking its net ns
    https://git.kernel.org/netdev/net/c/7aaf975238c4
  - [net,V3,13/15] net/mlx5: Fix a NULL vs IS_ERR() check
    https://git.kernel.org/netdev/net/c/ca4ef28d0ad8
  - [net,V3,14/15] net/mlx5e: Correct snprintf truncation handling for fw_version buffer
    (no matching commit)
  - [net,V3,15/15] net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors
    (no matching commit)

You are awesome, thank you!

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 655496598c68..4028932d93ce 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -335,6 +335,27 @@  void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
 		attrs->replay_esn.esn = sa_entry->esn_state.esn;
 		attrs->replay_esn.esn_msb = sa_entry->esn_state.esn_msb;
 		attrs->replay_esn.overlap = sa_entry->esn_state.overlap;
+		switch (x->replay_esn->replay_window) {
+		case 32:
+			attrs->replay_esn.replay_window =
+				MLX5_IPSEC_ASO_REPLAY_WIN_32BIT;
+			break;
+		case 64:
+			attrs->replay_esn.replay_window =
+				MLX5_IPSEC_ASO_REPLAY_WIN_64BIT;
+			break;
+		case 128:
+			attrs->replay_esn.replay_window =
+				MLX5_IPSEC_ASO_REPLAY_WIN_128BIT;
+			break;
+		case 256:
+			attrs->replay_esn.replay_window =
+				MLX5_IPSEC_ASO_REPLAY_WIN_256BIT;
+			break;
+		default:
+			WARN_ON(true);
+			return;
+		}
 	}
 
 	attrs->dir = x->xso.dir;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
index a91f772dc981..4e018fba2d5f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
@@ -95,7 +95,7 @@  static void mlx5e_ipsec_packet_setup(void *obj, u32 pdn,
 
 		if (attrs->dir == XFRM_DEV_OFFLOAD_IN) {
 			MLX5_SET(ipsec_aso, aso_ctx, window_sz,
-				 attrs->replay_esn.replay_window / 64);
+				 attrs->replay_esn.replay_window);
 			MLX5_SET(ipsec_aso, aso_ctx, mode,
 				 MLX5_IPSEC_ASO_REPLAY_PROTECTION);
 		}
diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
index 6f3631425f38..90ca63f4bf63 100644
--- a/include/linux/mlx5/mlx5_ifc.h
+++ b/include/linux/mlx5/mlx5_ifc.h
@@ -12001,6 +12001,13 @@  enum {
 	MLX5_IPSEC_ASO_INC_SN            = 0x2,
 };
 
+enum {
+	MLX5_IPSEC_ASO_REPLAY_WIN_32BIT  = 0x0,
+	MLX5_IPSEC_ASO_REPLAY_WIN_64BIT  = 0x1,
+	MLX5_IPSEC_ASO_REPLAY_WIN_128BIT = 0x2,
+	MLX5_IPSEC_ASO_REPLAY_WIN_256BIT = 0x3,
+};
+
 struct mlx5_ifc_ipsec_aso_bits {
 	u8         valid[0x1];
 	u8         reserved_at_201[0x1];